diff options
author | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-28 18:43:25 -0400 |
---|---|---|
committer | Linus Torvalds <torvalds@linux-foundation.org> | 2011-03-28 18:43:25 -0400 |
commit | 7f5fe3ec8eab23cc28e8fb7d23b4777ad6a05734 (patch) | |
tree | 1c553d6a92115aea7d24d279c0bee5dc6e894902 | |
parent | 212a17ab878305600e607f637d2d8a49d9f7ef25 (diff) | |
parent | b5695d04634fa4ccca7dcbc05bb4a66522f02e0b (diff) |
Merge branch 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6
* 'for-linus' of git://git.kernel.org/pub/scm/linux/kernel/git/ecryptfs/ecryptfs-2.6:
eCryptfs: write lock requested keys
eCryptfs: move ecryptfs_find_auth_tok_for_sig() call before mutex_lock
eCryptfs: verify authentication tokens before their use
eCryptfs: modified size of keysig in the ecryptfs_key_sig structure
eCryptfs: removed num_global_auth_toks from ecryptfs_mount_crypt_stat
eCryptfs: ecryptfs_keyring_auth_tok_for_sig() bug fix
eCryptfs: Unlock page in write_begin error path
ecryptfs: modify write path to encrypt page in writepage
eCryptfs: Remove ECRYPTFS_NEW_FILE crypt stat flag
eCryptfs: Remove unnecessary grow_file() function
-rw-r--r-- | fs/ecryptfs/crypto.c | 2 | ||||
-rw-r--r-- | fs/ecryptfs/ecryptfs_kernel.h | 30 | ||||
-rw-r--r-- | fs/ecryptfs/file.c | 9 | ||||
-rw-r--r-- | fs/ecryptfs/inode.c | 24 | ||||
-rw-r--r-- | fs/ecryptfs/keystore.c | 272 | ||||
-rw-r--r-- | fs/ecryptfs/main.c | 10 | ||||
-rw-r--r-- | fs/ecryptfs/mmap.c | 61 | ||||
-rw-r--r-- | fs/ecryptfs/read_write.c | 12 | ||||
-rw-r--r-- | fs/ecryptfs/super.c | 3 |
9 files changed, 235 insertions, 188 deletions
diff --git a/fs/ecryptfs/crypto.c b/fs/ecryptfs/crypto.c index bfd8b680e648..d2a70a4561f9 100644 --- a/fs/ecryptfs/crypto.c +++ b/fs/ecryptfs/crypto.c | |||
@@ -266,7 +266,6 @@ void ecryptfs_destroy_mount_crypt_stat( | |||
266 | &mount_crypt_stat->global_auth_tok_list, | 266 | &mount_crypt_stat->global_auth_tok_list, |
267 | mount_crypt_stat_list) { | 267 | mount_crypt_stat_list) { |
268 | list_del(&auth_tok->mount_crypt_stat_list); | 268 | list_del(&auth_tok->mount_crypt_stat_list); |
269 | mount_crypt_stat->num_global_auth_toks--; | ||
270 | if (auth_tok->global_auth_tok_key | 269 | if (auth_tok->global_auth_tok_key |
271 | && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) | 270 | && !(auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID)) |
272 | key_put(auth_tok->global_auth_tok_key); | 271 | key_put(auth_tok->global_auth_tok_key); |
@@ -1389,6 +1388,7 @@ int ecryptfs_write_metadata(struct dentry *ecryptfs_dentry) | |||
1389 | rc = -ENOMEM; | 1388 | rc = -ENOMEM; |
1390 | goto out; | 1389 | goto out; |
1391 | } | 1390 | } |
1391 | /* Zeroed page ensures the in-header unencrypted i_size is set to 0 */ | ||
1392 | rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat, | 1392 | rc = ecryptfs_write_headers_virt(virt, virt_len, &size, crypt_stat, |
1393 | ecryptfs_dentry); | 1393 | ecryptfs_dentry); |
1394 | if (unlikely(rc)) { | 1394 | if (unlikely(rc)) { |
diff --git a/fs/ecryptfs/ecryptfs_kernel.h b/fs/ecryptfs/ecryptfs_kernel.h index e00753496e3e..bd3cafd0949d 100644 --- a/fs/ecryptfs/ecryptfs_kernel.h +++ b/fs/ecryptfs/ecryptfs_kernel.h | |||
@@ -233,7 +233,7 @@ ecryptfs_get_key_payload_data(struct key *key) | |||
233 | 233 | ||
234 | struct ecryptfs_key_sig { | 234 | struct ecryptfs_key_sig { |
235 | struct list_head crypt_stat_list; | 235 | struct list_head crypt_stat_list; |
236 | char keysig[ECRYPTFS_SIG_SIZE_HEX]; | 236 | char keysig[ECRYPTFS_SIG_SIZE_HEX + 1]; |
237 | }; | 237 | }; |
238 | 238 | ||
239 | struct ecryptfs_filename { | 239 | struct ecryptfs_filename { |
@@ -257,19 +257,18 @@ struct ecryptfs_filename { | |||
257 | struct ecryptfs_crypt_stat { | 257 | struct ecryptfs_crypt_stat { |
258 | #define ECRYPTFS_STRUCT_INITIALIZED 0x00000001 | 258 | #define ECRYPTFS_STRUCT_INITIALIZED 0x00000001 |
259 | #define ECRYPTFS_POLICY_APPLIED 0x00000002 | 259 | #define ECRYPTFS_POLICY_APPLIED 0x00000002 |
260 | #define ECRYPTFS_NEW_FILE 0x00000004 | 260 | #define ECRYPTFS_ENCRYPTED 0x00000004 |
261 | #define ECRYPTFS_ENCRYPTED 0x00000008 | 261 | #define ECRYPTFS_SECURITY_WARNING 0x00000008 |
262 | #define ECRYPTFS_SECURITY_WARNING 0x00000010 | 262 | #define ECRYPTFS_ENABLE_HMAC 0x00000010 |
263 | #define ECRYPTFS_ENABLE_HMAC 0x00000020 | 263 | #define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000020 |
264 | #define ECRYPTFS_ENCRYPT_IV_PAGES 0x00000040 | 264 | #define ECRYPTFS_KEY_VALID 0x00000040 |
265 | #define ECRYPTFS_KEY_VALID 0x00000080 | 265 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000080 |
266 | #define ECRYPTFS_METADATA_IN_XATTR 0x00000100 | 266 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000100 |
267 | #define ECRYPTFS_VIEW_AS_ENCRYPTED 0x00000200 | 267 | #define ECRYPTFS_KEY_SET 0x00000200 |
268 | #define ECRYPTFS_KEY_SET 0x00000400 | 268 | #define ECRYPTFS_ENCRYPT_FILENAMES 0x00000400 |
269 | #define ECRYPTFS_ENCRYPT_FILENAMES 0x00000800 | 269 | #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00000800 |
270 | #define ECRYPTFS_ENCFN_USE_MOUNT_FNEK 0x00001000 | 270 | #define ECRYPTFS_ENCFN_USE_FEK 0x00001000 |
271 | #define ECRYPTFS_ENCFN_USE_FEK 0x00002000 | 271 | #define ECRYPTFS_UNLINK_SIGS 0x00002000 |
272 | #define ECRYPTFS_UNLINK_SIGS 0x00004000 | ||
273 | u32 flags; | 272 | u32 flags; |
274 | unsigned int file_version; | 273 | unsigned int file_version; |
275 | size_t iv_bytes; | 274 | size_t iv_bytes; |
@@ -297,7 +296,6 @@ struct ecryptfs_inode_info { | |||
297 | struct inode vfs_inode; | 296 | struct inode vfs_inode; |
298 | struct inode *wii_inode; | 297 | struct inode *wii_inode; |
299 | struct file *lower_file; | 298 | struct file *lower_file; |
300 | struct mutex lower_file_mutex; | ||
301 | struct ecryptfs_crypt_stat crypt_stat; | 299 | struct ecryptfs_crypt_stat crypt_stat; |
302 | }; | 300 | }; |
303 | 301 | ||
@@ -333,7 +331,6 @@ struct ecryptfs_global_auth_tok { | |||
333 | u32 flags; | 331 | u32 flags; |
334 | struct list_head mount_crypt_stat_list; | 332 | struct list_head mount_crypt_stat_list; |
335 | struct key *global_auth_tok_key; | 333 | struct key *global_auth_tok_key; |
336 | struct ecryptfs_auth_tok *global_auth_tok; | ||
337 | unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1]; | 334 | unsigned char sig[ECRYPTFS_SIG_SIZE_HEX + 1]; |
338 | }; | 335 | }; |
339 | 336 | ||
@@ -380,7 +377,6 @@ struct ecryptfs_mount_crypt_stat { | |||
380 | u32 flags; | 377 | u32 flags; |
381 | struct list_head global_auth_tok_list; | 378 | struct list_head global_auth_tok_list; |
382 | struct mutex global_auth_tok_list_mutex; | 379 | struct mutex global_auth_tok_list_mutex; |
383 | size_t num_global_auth_toks; | ||
384 | size_t global_default_cipher_key_size; | 380 | size_t global_default_cipher_key_size; |
385 | size_t global_default_fn_cipher_key_bytes; | 381 | size_t global_default_fn_cipher_key_bytes; |
386 | unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE | 382 | unsigned char global_default_cipher_name[ECRYPTFS_MAX_CIPHER_NAME_SIZE |
diff --git a/fs/ecryptfs/file.c b/fs/ecryptfs/file.c index 7d1050e254f9..cedc913d11ba 100644 --- a/fs/ecryptfs/file.c +++ b/fs/ecryptfs/file.c | |||
@@ -273,7 +273,14 @@ static int ecryptfs_release(struct inode *inode, struct file *file) | |||
273 | static int | 273 | static int |
274 | ecryptfs_fsync(struct file *file, int datasync) | 274 | ecryptfs_fsync(struct file *file, int datasync) |
275 | { | 275 | { |
276 | return vfs_fsync(ecryptfs_file_to_lower(file), datasync); | 276 | int rc = 0; |
277 | |||
278 | rc = generic_file_fsync(file, datasync); | ||
279 | if (rc) | ||
280 | goto out; | ||
281 | rc = vfs_fsync(ecryptfs_file_to_lower(file), datasync); | ||
282 | out: | ||
283 | return rc; | ||
277 | } | 284 | } |
278 | 285 | ||
279 | static int ecryptfs_fasync(int fd, struct file *file, int flag) | 286 | static int ecryptfs_fasync(int fd, struct file *file, int flag) |
diff --git a/fs/ecryptfs/inode.c b/fs/ecryptfs/inode.c index b592938a84bc..f99051b7adab 100644 --- a/fs/ecryptfs/inode.c +++ b/fs/ecryptfs/inode.c | |||
@@ -143,26 +143,6 @@ out: | |||
143 | } | 143 | } |
144 | 144 | ||
145 | /** | 145 | /** |
146 | * grow_file | ||
147 | * @ecryptfs_dentry: the eCryptfs dentry | ||
148 | * | ||
149 | * This is the code which will grow the file to its correct size. | ||
150 | */ | ||
151 | static int grow_file(struct dentry *ecryptfs_dentry) | ||
152 | { | ||
153 | struct inode *ecryptfs_inode = ecryptfs_dentry->d_inode; | ||
154 | char zero_virt[] = { 0x00 }; | ||
155 | int rc = 0; | ||
156 | |||
157 | rc = ecryptfs_write(ecryptfs_inode, zero_virt, 0, 1); | ||
158 | i_size_write(ecryptfs_inode, 0); | ||
159 | rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); | ||
160 | ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat.flags |= | ||
161 | ECRYPTFS_NEW_FILE; | ||
162 | return rc; | ||
163 | } | ||
164 | |||
165 | /** | ||
166 | * ecryptfs_initialize_file | 146 | * ecryptfs_initialize_file |
167 | * | 147 | * |
168 | * Cause the file to be changed from a basic empty file to an ecryptfs | 148 | * Cause the file to be changed from a basic empty file to an ecryptfs |
@@ -181,7 +161,6 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) | |||
181 | crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); | 161 | crypt_stat->flags &= ~(ECRYPTFS_ENCRYPTED); |
182 | goto out; | 162 | goto out; |
183 | } | 163 | } |
184 | crypt_stat->flags |= ECRYPTFS_NEW_FILE; | ||
185 | ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); | 164 | ecryptfs_printk(KERN_DEBUG, "Initializing crypto context\n"); |
186 | rc = ecryptfs_new_file_context(ecryptfs_dentry); | 165 | rc = ecryptfs_new_file_context(ecryptfs_dentry); |
187 | if (rc) { | 166 | if (rc) { |
@@ -202,9 +181,6 @@ static int ecryptfs_initialize_file(struct dentry *ecryptfs_dentry) | |||
202 | printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc); | 181 | printk(KERN_ERR "Error writing headers; rc = [%d]\n", rc); |
203 | goto out; | 182 | goto out; |
204 | } | 183 | } |
205 | rc = grow_file(ecryptfs_dentry); | ||
206 | if (rc) | ||
207 | printk(KERN_ERR "Error growing file; rc = [%d]\n", rc); | ||
208 | out: | 184 | out: |
209 | return rc; | 185 | return rc; |
210 | } | 186 | } |
diff --git a/fs/ecryptfs/keystore.c b/fs/ecryptfs/keystore.c index c1436cff6f2d..03e609c45012 100644 --- a/fs/ecryptfs/keystore.c +++ b/fs/ecryptfs/keystore.c | |||
@@ -65,6 +65,24 @@ static int process_request_key_err(long err_code) | |||
65 | return rc; | 65 | return rc; |
66 | } | 66 | } |
67 | 67 | ||
68 | static int process_find_global_auth_tok_for_sig_err(int err_code) | ||
69 | { | ||
70 | int rc = err_code; | ||
71 | |||
72 | switch (err_code) { | ||
73 | case -ENOENT: | ||
74 | ecryptfs_printk(KERN_WARNING, "Missing auth tok\n"); | ||
75 | break; | ||
76 | case -EINVAL: | ||
77 | ecryptfs_printk(KERN_WARNING, "Invalid auth tok\n"); | ||
78 | break; | ||
79 | default: | ||
80 | rc = process_request_key_err(err_code); | ||
81 | break; | ||
82 | } | ||
83 | return rc; | ||
84 | } | ||
85 | |||
68 | /** | 86 | /** |
69 | * ecryptfs_parse_packet_length | 87 | * ecryptfs_parse_packet_length |
70 | * @data: Pointer to memory containing length at offset | 88 | * @data: Pointer to memory containing length at offset |
@@ -403,27 +421,120 @@ out: | |||
403 | return rc; | 421 | return rc; |
404 | } | 422 | } |
405 | 423 | ||
424 | /** | ||
425 | * ecryptfs_verify_version | ||
426 | * @version: The version number to confirm | ||
427 | * | ||
428 | * Returns zero on good version; non-zero otherwise | ||
429 | */ | ||
430 | static int ecryptfs_verify_version(u16 version) | ||
431 | { | ||
432 | int rc = 0; | ||
433 | unsigned char major; | ||
434 | unsigned char minor; | ||
435 | |||
436 | major = ((version >> 8) & 0xFF); | ||
437 | minor = (version & 0xFF); | ||
438 | if (major != ECRYPTFS_VERSION_MAJOR) { | ||
439 | ecryptfs_printk(KERN_ERR, "Major version number mismatch. " | ||
440 | "Expected [%d]; got [%d]\n", | ||
441 | ECRYPTFS_VERSION_MAJOR, major); | ||
442 | rc = -EINVAL; | ||
443 | goto out; | ||
444 | } | ||
445 | if (minor != ECRYPTFS_VERSION_MINOR) { | ||
446 | ecryptfs_printk(KERN_ERR, "Minor version number mismatch. " | ||
447 | "Expected [%d]; got [%d]\n", | ||
448 | ECRYPTFS_VERSION_MINOR, minor); | ||
449 | rc = -EINVAL; | ||
450 | goto out; | ||
451 | } | ||
452 | out: | ||
453 | return rc; | ||
454 | } | ||
455 | |||
456 | /** | ||
457 | * ecryptfs_verify_auth_tok_from_key | ||
458 | * @auth_tok_key: key containing the authentication token | ||
459 | * @auth_tok: authentication token | ||
460 | * | ||
461 | * Returns zero on valid auth tok; -EINVAL otherwise | ||
462 | */ | ||
463 | static int | ||
464 | ecryptfs_verify_auth_tok_from_key(struct key *auth_tok_key, | ||
465 | struct ecryptfs_auth_tok **auth_tok) | ||
466 | { | ||
467 | int rc = 0; | ||
468 | |||
469 | (*auth_tok) = ecryptfs_get_key_payload_data(auth_tok_key); | ||
470 | if (ecryptfs_verify_version((*auth_tok)->version)) { | ||
471 | printk(KERN_ERR "Data structure version mismatch. Userspace " | ||
472 | "tools must match eCryptfs kernel module with major " | ||
473 | "version [%d] and minor version [%d]\n", | ||
474 | ECRYPTFS_VERSION_MAJOR, ECRYPTFS_VERSION_MINOR); | ||
475 | rc = -EINVAL; | ||
476 | goto out; | ||
477 | } | ||
478 | if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD | ||
479 | && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) { | ||
480 | printk(KERN_ERR "Invalid auth_tok structure " | ||
481 | "returned from key query\n"); | ||
482 | rc = -EINVAL; | ||
483 | goto out; | ||
484 | } | ||
485 | out: | ||
486 | return rc; | ||
487 | } | ||
488 | |||
406 | static int | 489 | static int |
407 | ecryptfs_find_global_auth_tok_for_sig( | 490 | ecryptfs_find_global_auth_tok_for_sig( |
408 | struct ecryptfs_global_auth_tok **global_auth_tok, | 491 | struct key **auth_tok_key, |
492 | struct ecryptfs_auth_tok **auth_tok, | ||
409 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) | 493 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, char *sig) |
410 | { | 494 | { |
411 | struct ecryptfs_global_auth_tok *walker; | 495 | struct ecryptfs_global_auth_tok *walker; |
412 | int rc = 0; | 496 | int rc = 0; |
413 | 497 | ||
414 | (*global_auth_tok) = NULL; | 498 | (*auth_tok_key) = NULL; |
499 | (*auth_tok) = NULL; | ||
415 | mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); | 500 | mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); |
416 | list_for_each_entry(walker, | 501 | list_for_each_entry(walker, |
417 | &mount_crypt_stat->global_auth_tok_list, | 502 | &mount_crypt_stat->global_auth_tok_list, |
418 | mount_crypt_stat_list) { | 503 | mount_crypt_stat_list) { |
419 | if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX) == 0) { | 504 | if (memcmp(walker->sig, sig, ECRYPTFS_SIG_SIZE_HEX)) |
420 | rc = key_validate(walker->global_auth_tok_key); | 505 | continue; |
421 | if (!rc) | 506 | |
422 | (*global_auth_tok) = walker; | 507 | if (walker->flags & ECRYPTFS_AUTH_TOK_INVALID) { |
508 | rc = -EINVAL; | ||
423 | goto out; | 509 | goto out; |
424 | } | 510 | } |
511 | |||
512 | rc = key_validate(walker->global_auth_tok_key); | ||
513 | if (rc) { | ||
514 | if (rc == -EKEYEXPIRED) | ||
515 | goto out; | ||
516 | goto out_invalid_auth_tok; | ||
517 | } | ||
518 | |||
519 | down_write(&(walker->global_auth_tok_key->sem)); | ||
520 | rc = ecryptfs_verify_auth_tok_from_key( | ||
521 | walker->global_auth_tok_key, auth_tok); | ||
522 | if (rc) | ||
523 | goto out_invalid_auth_tok_unlock; | ||
524 | |||
525 | (*auth_tok_key) = walker->global_auth_tok_key; | ||
526 | key_get(*auth_tok_key); | ||
527 | goto out; | ||
425 | } | 528 | } |
426 | rc = -EINVAL; | 529 | rc = -ENOENT; |
530 | goto out; | ||
531 | out_invalid_auth_tok_unlock: | ||
532 | up_write(&(walker->global_auth_tok_key->sem)); | ||
533 | out_invalid_auth_tok: | ||
534 | printk(KERN_WARNING "Invalidating auth tok with sig = [%s]\n", sig); | ||
535 | walker->flags |= ECRYPTFS_AUTH_TOK_INVALID; | ||
536 | key_put(walker->global_auth_tok_key); | ||
537 | walker->global_auth_tok_key = NULL; | ||
427 | out: | 538 | out: |
428 | mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); | 539 | mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); |
429 | return rc; | 540 | return rc; |
@@ -451,14 +562,11 @@ ecryptfs_find_auth_tok_for_sig( | |||
451 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, | 562 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat, |
452 | char *sig) | 563 | char *sig) |
453 | { | 564 | { |
454 | struct ecryptfs_global_auth_tok *global_auth_tok; | ||
455 | int rc = 0; | 565 | int rc = 0; |
456 | 566 | ||
457 | (*auth_tok_key) = NULL; | 567 | rc = ecryptfs_find_global_auth_tok_for_sig(auth_tok_key, auth_tok, |
458 | (*auth_tok) = NULL; | 568 | mount_crypt_stat, sig); |
459 | if (ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, | 569 | if (rc == -ENOENT) { |
460 | mount_crypt_stat, sig)) { | ||
461 | |||
462 | /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the | 570 | /* if the flag ECRYPTFS_GLOBAL_MOUNT_AUTH_TOK_ONLY is set in the |
463 | * mount_crypt_stat structure, we prevent to use auth toks that | 571 | * mount_crypt_stat structure, we prevent to use auth toks that |
464 | * are not inserted through the ecryptfs_add_global_auth_tok | 572 | * are not inserted through the ecryptfs_add_global_auth_tok |
@@ -470,8 +578,7 @@ ecryptfs_find_auth_tok_for_sig( | |||
470 | 578 | ||
471 | rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok, | 579 | rc = ecryptfs_keyring_auth_tok_for_sig(auth_tok_key, auth_tok, |
472 | sig); | 580 | sig); |
473 | } else | 581 | } |
474 | (*auth_tok) = global_auth_tok->global_auth_tok; | ||
475 | return rc; | 582 | return rc; |
476 | } | 583 | } |
477 | 584 | ||
@@ -531,6 +638,16 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
531 | } | 638 | } |
532 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; | 639 | s->desc.flags = CRYPTO_TFM_REQ_MAY_SLEEP; |
533 | (*packet_size) = 0; | 640 | (*packet_size) = 0; |
641 | rc = ecryptfs_find_auth_tok_for_sig( | ||
642 | &auth_tok_key, | ||
643 | &s->auth_tok, mount_crypt_stat, | ||
644 | mount_crypt_stat->global_default_fnek_sig); | ||
645 | if (rc) { | ||
646 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
647 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
648 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
649 | goto out; | ||
650 | } | ||
534 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( | 651 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name( |
535 | &s->desc.tfm, | 652 | &s->desc.tfm, |
536 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); | 653 | &s->tfm_mutex, mount_crypt_stat->global_default_fn_cipher_name); |
@@ -616,16 +733,6 @@ ecryptfs_write_tag_70_packet(char *dest, size_t *remaining_bytes, | |||
616 | goto out_free_unlock; | 733 | goto out_free_unlock; |
617 | } | 734 | } |
618 | dest[s->i++] = s->cipher_code; | 735 | dest[s->i++] = s->cipher_code; |
619 | rc = ecryptfs_find_auth_tok_for_sig( | ||
620 | &auth_tok_key, | ||
621 | &s->auth_tok, mount_crypt_stat, | ||
622 | mount_crypt_stat->global_default_fnek_sig); | ||
623 | if (rc) { | ||
624 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
625 | "fnek sig [%s]; rc = [%d]\n", __func__, | ||
626 | mount_crypt_stat->global_default_fnek_sig, rc); | ||
627 | goto out_free_unlock; | ||
628 | } | ||
629 | /* TODO: Support other key modules than passphrase for | 736 | /* TODO: Support other key modules than passphrase for |
630 | * filename encryption */ | 737 | * filename encryption */ |
631 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 738 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
@@ -765,8 +872,10 @@ out_free_unlock: | |||
765 | out_unlock: | 872 | out_unlock: |
766 | mutex_unlock(s->tfm_mutex); | 873 | mutex_unlock(s->tfm_mutex); |
767 | out: | 874 | out: |
768 | if (auth_tok_key) | 875 | if (auth_tok_key) { |
876 | up_write(&(auth_tok_key->sem)); | ||
769 | key_put(auth_tok_key); | 877 | key_put(auth_tok_key); |
878 | } | ||
770 | kfree(s); | 879 | kfree(s); |
771 | return rc; | 880 | return rc; |
772 | } | 881 | } |
@@ -879,6 +988,15 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
879 | __func__, s->cipher_code); | 988 | __func__, s->cipher_code); |
880 | goto out; | 989 | goto out; |
881 | } | 990 | } |
991 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
992 | &s->auth_tok, mount_crypt_stat, | ||
993 | s->fnek_sig_hex); | ||
994 | if (rc) { | ||
995 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
996 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
997 | rc); | ||
998 | goto out; | ||
999 | } | ||
882 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, | 1000 | rc = ecryptfs_get_tfm_and_mutex_for_cipher_name(&s->desc.tfm, |
883 | &s->tfm_mutex, | 1001 | &s->tfm_mutex, |
884 | s->cipher_string); | 1002 | s->cipher_string); |
@@ -925,15 +1043,6 @@ ecryptfs_parse_tag_70_packet(char **filename, size_t *filename_size, | |||
925 | * >= ECRYPTFS_MAX_IV_BYTES. */ | 1043 | * >= ECRYPTFS_MAX_IV_BYTES. */ |
926 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); | 1044 | memset(s->iv, 0, ECRYPTFS_MAX_IV_BYTES); |
927 | s->desc.info = s->iv; | 1045 | s->desc.info = s->iv; |
928 | rc = ecryptfs_find_auth_tok_for_sig(&auth_tok_key, | ||
929 | &s->auth_tok, mount_crypt_stat, | ||
930 | s->fnek_sig_hex); | ||
931 | if (rc) { | ||
932 | printk(KERN_ERR "%s: Error attempting to find auth tok for " | ||
933 | "fnek sig [%s]; rc = [%d]\n", __func__, s->fnek_sig_hex, | ||
934 | rc); | ||
935 | goto out_free_unlock; | ||
936 | } | ||
937 | /* TODO: Support other key modules than passphrase for | 1046 | /* TODO: Support other key modules than passphrase for |
938 | * filename encryption */ | 1047 | * filename encryption */ |
939 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { | 1048 | if (s->auth_tok->token_type != ECRYPTFS_PASSWORD) { |
@@ -1002,8 +1111,10 @@ out: | |||
1002 | (*filename_size) = 0; | 1111 | (*filename_size) = 0; |
1003 | (*filename) = NULL; | 1112 | (*filename) = NULL; |
1004 | } | 1113 | } |
1005 | if (auth_tok_key) | 1114 | if (auth_tok_key) { |
1115 | up_write(&(auth_tok_key->sem)); | ||
1006 | key_put(auth_tok_key); | 1116 | key_put(auth_tok_key); |
1117 | } | ||
1007 | kfree(s); | 1118 | kfree(s); |
1008 | return rc; | 1119 | return rc; |
1009 | } | 1120 | } |
@@ -1520,38 +1631,6 @@ out: | |||
1520 | return rc; | 1631 | return rc; |
1521 | } | 1632 | } |
1522 | 1633 | ||
1523 | /** | ||
1524 | * ecryptfs_verify_version | ||
1525 | * @version: The version number to confirm | ||
1526 | * | ||
1527 | * Returns zero on good version; non-zero otherwise | ||
1528 | */ | ||
1529 | static int ecryptfs_verify_version(u16 version) | ||
1530 | { | ||
1531 | int rc = 0; | ||
1532 | unsigned char major; | ||
1533 | unsigned char minor; | ||
1534 | |||
1535 | major = ((version >> 8) & 0xFF); | ||
1536 | minor = (version & 0xFF); | ||
1537 | if (major != ECRYPTFS_VERSION_MAJOR) { | ||
1538 | ecryptfs_printk(KERN_ERR, "Major version number mismatch. " | ||
1539 | "Expected [%d]; got [%d]\n", | ||
1540 | ECRYPTFS_VERSION_MAJOR, major); | ||
1541 | rc = -EINVAL; | ||
1542 | goto out; | ||
1543 | } | ||
1544 | if (minor != ECRYPTFS_VERSION_MINOR) { | ||
1545 | ecryptfs_printk(KERN_ERR, "Minor version number mismatch. " | ||
1546 | "Expected [%d]; got [%d]\n", | ||
1547 | ECRYPTFS_VERSION_MINOR, minor); | ||
1548 | rc = -EINVAL; | ||
1549 | goto out; | ||
1550 | } | ||
1551 | out: | ||
1552 | return rc; | ||
1553 | } | ||
1554 | |||
1555 | int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, | 1634 | int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, |
1556 | struct ecryptfs_auth_tok **auth_tok, | 1635 | struct ecryptfs_auth_tok **auth_tok, |
1557 | char *sig) | 1636 | char *sig) |
@@ -1563,31 +1642,16 @@ int ecryptfs_keyring_auth_tok_for_sig(struct key **auth_tok_key, | |||
1563 | printk(KERN_ERR "Could not find key with description: [%s]\n", | 1642 | printk(KERN_ERR "Could not find key with description: [%s]\n", |
1564 | sig); | 1643 | sig); |
1565 | rc = process_request_key_err(PTR_ERR(*auth_tok_key)); | 1644 | rc = process_request_key_err(PTR_ERR(*auth_tok_key)); |
1645 | (*auth_tok_key) = NULL; | ||
1566 | goto out; | 1646 | goto out; |
1567 | } | 1647 | } |
1568 | (*auth_tok) = ecryptfs_get_key_payload_data(*auth_tok_key); | 1648 | down_write(&(*auth_tok_key)->sem); |
1569 | if (ecryptfs_verify_version((*auth_tok)->version)) { | 1649 | rc = ecryptfs_verify_auth_tok_from_key(*auth_tok_key, auth_tok); |
1570 | printk(KERN_ERR | ||
1571 | "Data structure version mismatch. " | ||
1572 | "Userspace tools must match eCryptfs " | ||
1573 | "kernel module with major version [%d] " | ||
1574 | "and minor version [%d]\n", | ||
1575 | ECRYPTFS_VERSION_MAJOR, | ||
1576 | ECRYPTFS_VERSION_MINOR); | ||
1577 | rc = -EINVAL; | ||
1578 | goto out_release_key; | ||
1579 | } | ||
1580 | if ((*auth_tok)->token_type != ECRYPTFS_PASSWORD | ||
1581 | && (*auth_tok)->token_type != ECRYPTFS_PRIVATE_KEY) { | ||
1582 | printk(KERN_ERR "Invalid auth_tok structure " | ||
1583 | "returned from key query\n"); | ||
1584 | rc = -EINVAL; | ||
1585 | goto out_release_key; | ||
1586 | } | ||
1587 | out_release_key: | ||
1588 | if (rc) { | 1650 | if (rc) { |
1651 | up_write(&(*auth_tok_key)->sem); | ||
1589 | key_put(*auth_tok_key); | 1652 | key_put(*auth_tok_key); |
1590 | (*auth_tok_key) = NULL; | 1653 | (*auth_tok_key) = NULL; |
1654 | goto out; | ||
1591 | } | 1655 | } |
1592 | out: | 1656 | out: |
1593 | return rc; | 1657 | return rc; |
@@ -1809,6 +1873,7 @@ int ecryptfs_parse_packet_set(struct ecryptfs_crypt_stat *crypt_stat, | |||
1809 | find_next_matching_auth_tok: | 1873 | find_next_matching_auth_tok: |
1810 | found_auth_tok = 0; | 1874 | found_auth_tok = 0; |
1811 | if (auth_tok_key) { | 1875 | if (auth_tok_key) { |
1876 | up_write(&(auth_tok_key->sem)); | ||
1812 | key_put(auth_tok_key); | 1877 | key_put(auth_tok_key); |
1813 | auth_tok_key = NULL; | 1878 | auth_tok_key = NULL; |
1814 | } | 1879 | } |
@@ -1895,8 +1960,10 @@ found_matching_auth_tok: | |||
1895 | out_wipe_list: | 1960 | out_wipe_list: |
1896 | wipe_auth_tok_list(&auth_tok_list); | 1961 | wipe_auth_tok_list(&auth_tok_list); |
1897 | out: | 1962 | out: |
1898 | if (auth_tok_key) | 1963 | if (auth_tok_key) { |
1964 | up_write(&(auth_tok_key->sem)); | ||
1899 | key_put(auth_tok_key); | 1965 | key_put(auth_tok_key); |
1966 | } | ||
1900 | return rc; | 1967 | return rc; |
1901 | } | 1968 | } |
1902 | 1969 | ||
@@ -2324,7 +2391,7 @@ ecryptfs_generate_key_packet_set(char *dest_base, | |||
2324 | size_t max) | 2391 | size_t max) |
2325 | { | 2392 | { |
2326 | struct ecryptfs_auth_tok *auth_tok; | 2393 | struct ecryptfs_auth_tok *auth_tok; |
2327 | struct ecryptfs_global_auth_tok *global_auth_tok; | 2394 | struct key *auth_tok_key = NULL; |
2328 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = | 2395 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat = |
2329 | &ecryptfs_superblock_to_private( | 2396 | &ecryptfs_superblock_to_private( |
2330 | ecryptfs_dentry->d_sb)->mount_crypt_stat; | 2397 | ecryptfs_dentry->d_sb)->mount_crypt_stat; |
@@ -2343,21 +2410,16 @@ ecryptfs_generate_key_packet_set(char *dest_base, | |||
2343 | list_for_each_entry(key_sig, &crypt_stat->keysig_list, | 2410 | list_for_each_entry(key_sig, &crypt_stat->keysig_list, |
2344 | crypt_stat_list) { | 2411 | crypt_stat_list) { |
2345 | memset(key_rec, 0, sizeof(*key_rec)); | 2412 | memset(key_rec, 0, sizeof(*key_rec)); |
2346 | rc = ecryptfs_find_global_auth_tok_for_sig(&global_auth_tok, | 2413 | rc = ecryptfs_find_global_auth_tok_for_sig(&auth_tok_key, |
2414 | &auth_tok, | ||
2347 | mount_crypt_stat, | 2415 | mount_crypt_stat, |
2348 | key_sig->keysig); | 2416 | key_sig->keysig); |
2349 | if (rc) { | 2417 | if (rc) { |
2350 | printk(KERN_ERR "Error attempting to get the global " | 2418 | printk(KERN_WARNING "Unable to retrieve auth tok with " |
2351 | "auth_tok; rc = [%d]\n", rc); | 2419 | "sig = [%s]\n", key_sig->keysig); |
2420 | rc = process_find_global_auth_tok_for_sig_err(rc); | ||
2352 | goto out_free; | 2421 | goto out_free; |
2353 | } | 2422 | } |
2354 | if (global_auth_tok->flags & ECRYPTFS_AUTH_TOK_INVALID) { | ||
2355 | printk(KERN_WARNING | ||
2356 | "Skipping invalid auth tok with sig = [%s]\n", | ||
2357 | global_auth_tok->sig); | ||
2358 | continue; | ||
2359 | } | ||
2360 | auth_tok = global_auth_tok->global_auth_tok; | ||
2361 | if (auth_tok->token_type == ECRYPTFS_PASSWORD) { | 2423 | if (auth_tok->token_type == ECRYPTFS_PASSWORD) { |
2362 | rc = write_tag_3_packet((dest_base + (*len)), | 2424 | rc = write_tag_3_packet((dest_base + (*len)), |
2363 | &max, auth_tok, | 2425 | &max, auth_tok, |
@@ -2395,6 +2457,9 @@ ecryptfs_generate_key_packet_set(char *dest_base, | |||
2395 | rc = -EINVAL; | 2457 | rc = -EINVAL; |
2396 | goto out_free; | 2458 | goto out_free; |
2397 | } | 2459 | } |
2460 | up_write(&(auth_tok_key->sem)); | ||
2461 | key_put(auth_tok_key); | ||
2462 | auth_tok_key = NULL; | ||
2398 | } | 2463 | } |
2399 | if (likely(max > 0)) { | 2464 | if (likely(max > 0)) { |
2400 | dest_base[(*len)] = 0x00; | 2465 | dest_base[(*len)] = 0x00; |
@@ -2407,6 +2472,11 @@ out_free: | |||
2407 | out: | 2472 | out: |
2408 | if (rc) | 2473 | if (rc) |
2409 | (*len) = 0; | 2474 | (*len) = 0; |
2475 | if (auth_tok_key) { | ||
2476 | up_write(&(auth_tok_key->sem)); | ||
2477 | key_put(auth_tok_key); | ||
2478 | } | ||
2479 | |||
2410 | mutex_unlock(&crypt_stat->keysig_list_mutex); | 2480 | mutex_unlock(&crypt_stat->keysig_list_mutex); |
2411 | return rc; | 2481 | return rc; |
2412 | } | 2482 | } |
@@ -2424,6 +2494,7 @@ int ecryptfs_add_keysig(struct ecryptfs_crypt_stat *crypt_stat, char *sig) | |||
2424 | return -ENOMEM; | 2494 | return -ENOMEM; |
2425 | } | 2495 | } |
2426 | memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); | 2496 | memcpy(new_key_sig->keysig, sig, ECRYPTFS_SIG_SIZE_HEX); |
2497 | new_key_sig->keysig[ECRYPTFS_SIG_SIZE_HEX] = '\0'; | ||
2427 | /* Caller must hold keysig_list_mutex */ | 2498 | /* Caller must hold keysig_list_mutex */ |
2428 | list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); | 2499 | list_add(&new_key_sig->crypt_stat_list, &crypt_stat->keysig_list); |
2429 | 2500 | ||
@@ -2453,7 +2524,6 @@ ecryptfs_add_global_auth_tok(struct ecryptfs_mount_crypt_stat *mount_crypt_stat, | |||
2453 | mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); | 2524 | mutex_lock(&mount_crypt_stat->global_auth_tok_list_mutex); |
2454 | list_add(&new_auth_tok->mount_crypt_stat_list, | 2525 | list_add(&new_auth_tok->mount_crypt_stat_list, |
2455 | &mount_crypt_stat->global_auth_tok_list); | 2526 | &mount_crypt_stat->global_auth_tok_list); |
2456 | mount_crypt_stat->num_global_auth_toks++; | ||
2457 | mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); | 2527 | mutex_unlock(&mount_crypt_stat->global_auth_tok_list_mutex); |
2458 | out: | 2528 | out: |
2459 | return rc; | 2529 | return rc; |
diff --git a/fs/ecryptfs/main.c b/fs/ecryptfs/main.c index 758323a0f09a..c27c0ecf90bc 100644 --- a/fs/ecryptfs/main.c +++ b/fs/ecryptfs/main.c | |||
@@ -122,7 +122,6 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
122 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); | 122 | ecryptfs_inode_to_private(ecryptfs_dentry->d_inode); |
123 | int rc = 0; | 123 | int rc = 0; |
124 | 124 | ||
125 | mutex_lock(&inode_info->lower_file_mutex); | ||
126 | if (!inode_info->lower_file) { | 125 | if (!inode_info->lower_file) { |
127 | struct dentry *lower_dentry; | 126 | struct dentry *lower_dentry; |
128 | struct vfsmount *lower_mnt = | 127 | struct vfsmount *lower_mnt = |
@@ -138,7 +137,6 @@ int ecryptfs_init_persistent_file(struct dentry *ecryptfs_dentry) | |||
138 | inode_info->lower_file = NULL; | 137 | inode_info->lower_file = NULL; |
139 | } | 138 | } |
140 | } | 139 | } |
141 | mutex_unlock(&inode_info->lower_file_mutex); | ||
142 | return rc; | 140 | return rc; |
143 | } | 141 | } |
144 | 142 | ||
@@ -241,14 +239,14 @@ static int ecryptfs_init_global_auth_toks( | |||
241 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat) | 239 | struct ecryptfs_mount_crypt_stat *mount_crypt_stat) |
242 | { | 240 | { |
243 | struct ecryptfs_global_auth_tok *global_auth_tok; | 241 | struct ecryptfs_global_auth_tok *global_auth_tok; |
242 | struct ecryptfs_auth_tok *auth_tok; | ||
244 | int rc = 0; | 243 | int rc = 0; |
245 | 244 | ||
246 | list_for_each_entry(global_auth_tok, | 245 | list_for_each_entry(global_auth_tok, |
247 | &mount_crypt_stat->global_auth_tok_list, | 246 | &mount_crypt_stat->global_auth_tok_list, |
248 | mount_crypt_stat_list) { | 247 | mount_crypt_stat_list) { |
249 | rc = ecryptfs_keyring_auth_tok_for_sig( | 248 | rc = ecryptfs_keyring_auth_tok_for_sig( |
250 | &global_auth_tok->global_auth_tok_key, | 249 | &global_auth_tok->global_auth_tok_key, &auth_tok, |
251 | &global_auth_tok->global_auth_tok, | ||
252 | global_auth_tok->sig); | 250 | global_auth_tok->sig); |
253 | if (rc) { | 251 | if (rc) { |
254 | printk(KERN_ERR "Could not find valid key in user " | 252 | printk(KERN_ERR "Could not find valid key in user " |
@@ -256,8 +254,10 @@ static int ecryptfs_init_global_auth_toks( | |||
256 | "option: [%s]\n", global_auth_tok->sig); | 254 | "option: [%s]\n", global_auth_tok->sig); |
257 | global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; | 255 | global_auth_tok->flags |= ECRYPTFS_AUTH_TOK_INVALID; |
258 | goto out; | 256 | goto out; |
259 | } else | 257 | } else { |
260 | global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; | 258 | global_auth_tok->flags &= ~ECRYPTFS_AUTH_TOK_INVALID; |
259 | up_write(&(global_auth_tok->global_auth_tok_key)->sem); | ||
260 | } | ||
261 | } | 261 | } |
262 | out: | 262 | out: |
263 | return rc; | 263 | return rc; |
diff --git a/fs/ecryptfs/mmap.c b/fs/ecryptfs/mmap.c index cc64fca89f8d..6a44148c5fb9 100644 --- a/fs/ecryptfs/mmap.c +++ b/fs/ecryptfs/mmap.c | |||
@@ -62,6 +62,18 @@ static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc) | |||
62 | { | 62 | { |
63 | int rc; | 63 | int rc; |
64 | 64 | ||
65 | /* | ||
66 | * Refuse to write the page out if we are called from reclaim context | ||
67 | * since our writepage() path may potentially allocate memory when | ||
68 | * calling into the lower fs vfs_write() which may in turn invoke | ||
69 | * us again. | ||
70 | */ | ||
71 | if (current->flags & PF_MEMALLOC) { | ||
72 | redirty_page_for_writepage(wbc, page); | ||
73 | rc = 0; | ||
74 | goto out; | ||
75 | } | ||
76 | |||
65 | rc = ecryptfs_encrypt_page(page); | 77 | rc = ecryptfs_encrypt_page(page); |
66 | if (rc) { | 78 | if (rc) { |
67 | ecryptfs_printk(KERN_WARNING, "Error encrypting " | 79 | ecryptfs_printk(KERN_WARNING, "Error encrypting " |
@@ -70,8 +82,8 @@ static int ecryptfs_writepage(struct page *page, struct writeback_control *wbc) | |||
70 | goto out; | 82 | goto out; |
71 | } | 83 | } |
72 | SetPageUptodate(page); | 84 | SetPageUptodate(page); |
73 | unlock_page(page); | ||
74 | out: | 85 | out: |
86 | unlock_page(page); | ||
75 | return rc; | 87 | return rc; |
76 | } | 88 | } |
77 | 89 | ||
@@ -193,11 +205,7 @@ static int ecryptfs_readpage(struct file *file, struct page *page) | |||
193 | &ecryptfs_inode_to_private(page->mapping->host)->crypt_stat; | 205 | &ecryptfs_inode_to_private(page->mapping->host)->crypt_stat; |
194 | int rc = 0; | 206 | int rc = 0; |
195 | 207 | ||
196 | if (!crypt_stat | 208 | if (!crypt_stat || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
197 | || !(crypt_stat->flags & ECRYPTFS_ENCRYPTED) | ||
198 | || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) { | ||
199 | ecryptfs_printk(KERN_DEBUG, | ||
200 | "Passing through unencrypted page\n"); | ||
201 | rc = ecryptfs_read_lower_page_segment(page, page->index, 0, | 209 | rc = ecryptfs_read_lower_page_segment(page, page->index, 0, |
202 | PAGE_CACHE_SIZE, | 210 | PAGE_CACHE_SIZE, |
203 | page->mapping->host); | 211 | page->mapping->host); |
@@ -295,8 +303,7 @@ static int ecryptfs_write_begin(struct file *file, | |||
295 | struct ecryptfs_crypt_stat *crypt_stat = | 303 | struct ecryptfs_crypt_stat *crypt_stat = |
296 | &ecryptfs_inode_to_private(mapping->host)->crypt_stat; | 304 | &ecryptfs_inode_to_private(mapping->host)->crypt_stat; |
297 | 305 | ||
298 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED) | 306 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
299 | || (crypt_stat->flags & ECRYPTFS_NEW_FILE)) { | ||
300 | rc = ecryptfs_read_lower_page_segment( | 307 | rc = ecryptfs_read_lower_page_segment( |
301 | page, index, 0, PAGE_CACHE_SIZE, mapping->host); | 308 | page, index, 0, PAGE_CACHE_SIZE, mapping->host); |
302 | if (rc) { | 309 | if (rc) { |
@@ -374,6 +381,11 @@ static int ecryptfs_write_begin(struct file *file, | |||
374 | && (pos != 0)) | 381 | && (pos != 0)) |
375 | zero_user(page, 0, PAGE_CACHE_SIZE); | 382 | zero_user(page, 0, PAGE_CACHE_SIZE); |
376 | out: | 383 | out: |
384 | if (unlikely(rc)) { | ||
385 | unlock_page(page); | ||
386 | page_cache_release(page); | ||
387 | *pagep = NULL; | ||
388 | } | ||
377 | return rc; | 389 | return rc; |
378 | } | 390 | } |
379 | 391 | ||
@@ -486,13 +498,8 @@ static int ecryptfs_write_end(struct file *file, | |||
486 | struct ecryptfs_crypt_stat *crypt_stat = | 498 | struct ecryptfs_crypt_stat *crypt_stat = |
487 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; | 499 | &ecryptfs_inode_to_private(ecryptfs_inode)->crypt_stat; |
488 | int rc; | 500 | int rc; |
501 | int need_unlock_page = 1; | ||
489 | 502 | ||
490 | if (crypt_stat->flags & ECRYPTFS_NEW_FILE) { | ||
491 | ecryptfs_printk(KERN_DEBUG, "ECRYPTFS_NEW_FILE flag set in " | ||
492 | "crypt_stat at memory location [%p]\n", crypt_stat); | ||
493 | crypt_stat->flags &= ~(ECRYPTFS_NEW_FILE); | ||
494 | } else | ||
495 | ecryptfs_printk(KERN_DEBUG, "Not a new file\n"); | ||
496 | ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" | 503 | ecryptfs_printk(KERN_DEBUG, "Calling fill_zeros_to_end_of_page" |
497 | "(page w/ index = [0x%.16lx], to = [%d])\n", index, to); | 504 | "(page w/ index = [0x%.16lx], to = [%d])\n", index, to); |
498 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { | 505 | if (!(crypt_stat->flags & ECRYPTFS_ENCRYPTED)) { |
@@ -512,26 +519,26 @@ static int ecryptfs_write_end(struct file *file, | |||
512 | "zeros in page with index = [0x%.16lx]\n", index); | 519 | "zeros in page with index = [0x%.16lx]\n", index); |
513 | goto out; | 520 | goto out; |
514 | } | 521 | } |
515 | rc = ecryptfs_encrypt_page(page); | 522 | set_page_dirty(page); |
516 | if (rc) { | 523 | unlock_page(page); |
517 | ecryptfs_printk(KERN_WARNING, "Error encrypting page (upper " | 524 | need_unlock_page = 0; |
518 | "index [0x%.16lx])\n", index); | ||
519 | goto out; | ||
520 | } | ||
521 | if (pos + copied > i_size_read(ecryptfs_inode)) { | 525 | if (pos + copied > i_size_read(ecryptfs_inode)) { |
522 | i_size_write(ecryptfs_inode, pos + copied); | 526 | i_size_write(ecryptfs_inode, pos + copied); |
523 | ecryptfs_printk(KERN_DEBUG, "Expanded file size to " | 527 | ecryptfs_printk(KERN_DEBUG, "Expanded file size to " |
524 | "[0x%.16llx]\n", | 528 | "[0x%.16llx]\n", |
525 | (unsigned long long)i_size_read(ecryptfs_inode)); | 529 | (unsigned long long)i_size_read(ecryptfs_inode)); |
530 | balance_dirty_pages_ratelimited(mapping); | ||
531 | rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); | ||
532 | if (rc) { | ||
533 | printk(KERN_ERR "Error writing inode size to metadata; " | ||
534 | "rc = [%d]\n", rc); | ||
535 | goto out; | ||
536 | } | ||
526 | } | 537 | } |
527 | rc = ecryptfs_write_inode_size_to_metadata(ecryptfs_inode); | 538 | rc = copied; |
528 | if (rc) | ||
529 | printk(KERN_ERR "Error writing inode size to metadata; " | ||
530 | "rc = [%d]\n", rc); | ||
531 | else | ||
532 | rc = copied; | ||
533 | out: | 539 | out: |
534 | unlock_page(page); | 540 | if (need_unlock_page) |
541 | unlock_page(page); | ||
535 | page_cache_release(page); | 542 | page_cache_release(page); |
536 | return rc; | 543 | return rc; |
537 | } | 544 | } |
diff --git a/fs/ecryptfs/read_write.c b/fs/ecryptfs/read_write.c index db184ef15d3d..85d430963116 100644 --- a/fs/ecryptfs/read_write.c +++ b/fs/ecryptfs/read_write.c | |||
@@ -44,15 +44,11 @@ int ecryptfs_write_lower(struct inode *ecryptfs_inode, char *data, | |||
44 | ssize_t rc; | 44 | ssize_t rc; |
45 | 45 | ||
46 | inode_info = ecryptfs_inode_to_private(ecryptfs_inode); | 46 | inode_info = ecryptfs_inode_to_private(ecryptfs_inode); |
47 | mutex_lock(&inode_info->lower_file_mutex); | ||
48 | BUG_ON(!inode_info->lower_file); | 47 | BUG_ON(!inode_info->lower_file); |
49 | inode_info->lower_file->f_pos = offset; | ||
50 | fs_save = get_fs(); | 48 | fs_save = get_fs(); |
51 | set_fs(get_ds()); | 49 | set_fs(get_ds()); |
52 | rc = vfs_write(inode_info->lower_file, data, size, | 50 | rc = vfs_write(inode_info->lower_file, data, size, &offset); |
53 | &inode_info->lower_file->f_pos); | ||
54 | set_fs(fs_save); | 51 | set_fs(fs_save); |
55 | mutex_unlock(&inode_info->lower_file_mutex); | ||
56 | mark_inode_dirty_sync(ecryptfs_inode); | 52 | mark_inode_dirty_sync(ecryptfs_inode); |
57 | return rc; | 53 | return rc; |
58 | } | 54 | } |
@@ -234,15 +230,11 @@ int ecryptfs_read_lower(char *data, loff_t offset, size_t size, | |||
234 | mm_segment_t fs_save; | 230 | mm_segment_t fs_save; |
235 | ssize_t rc; | 231 | ssize_t rc; |
236 | 232 | ||
237 | mutex_lock(&inode_info->lower_file_mutex); | ||
238 | BUG_ON(!inode_info->lower_file); | 233 | BUG_ON(!inode_info->lower_file); |
239 | inode_info->lower_file->f_pos = offset; | ||
240 | fs_save = get_fs(); | 234 | fs_save = get_fs(); |
241 | set_fs(get_ds()); | 235 | set_fs(get_ds()); |
242 | rc = vfs_read(inode_info->lower_file, data, size, | 236 | rc = vfs_read(inode_info->lower_file, data, size, &offset); |
243 | &inode_info->lower_file->f_pos); | ||
244 | set_fs(fs_save); | 237 | set_fs(fs_save); |
245 | mutex_unlock(&inode_info->lower_file_mutex); | ||
246 | return rc; | 238 | return rc; |
247 | } | 239 | } |
248 | 240 | ||
diff --git a/fs/ecryptfs/super.c b/fs/ecryptfs/super.c index 3042fe123a34..bacc882e1ae4 100644 --- a/fs/ecryptfs/super.c +++ b/fs/ecryptfs/super.c | |||
@@ -55,7 +55,6 @@ static struct inode *ecryptfs_alloc_inode(struct super_block *sb) | |||
55 | if (unlikely(!inode_info)) | 55 | if (unlikely(!inode_info)) |
56 | goto out; | 56 | goto out; |
57 | ecryptfs_init_crypt_stat(&inode_info->crypt_stat); | 57 | ecryptfs_init_crypt_stat(&inode_info->crypt_stat); |
58 | mutex_init(&inode_info->lower_file_mutex); | ||
59 | inode_info->lower_file = NULL; | 58 | inode_info->lower_file = NULL; |
60 | inode = &inode_info->vfs_inode; | 59 | inode = &inode_info->vfs_inode; |
61 | out: | 60 | out: |
@@ -198,7 +197,7 @@ static int ecryptfs_show_options(struct seq_file *m, struct vfsmount *mnt) | |||
198 | const struct super_operations ecryptfs_sops = { | 197 | const struct super_operations ecryptfs_sops = { |
199 | .alloc_inode = ecryptfs_alloc_inode, | 198 | .alloc_inode = ecryptfs_alloc_inode, |
200 | .destroy_inode = ecryptfs_destroy_inode, | 199 | .destroy_inode = ecryptfs_destroy_inode, |
201 | .drop_inode = generic_delete_inode, | 200 | .drop_inode = generic_drop_inode, |
202 | .statfs = ecryptfs_statfs, | 201 | .statfs = ecryptfs_statfs, |
203 | .remount_fs = NULL, | 202 | .remount_fs = NULL, |
204 | .evict_inode = ecryptfs_evict_inode, | 203 | .evict_inode = ecryptfs_evict_inode, |